Skip to content

How to install a Server Core R2 Domain Controller

May 28, 2013

How to install a Server Core R2 Domain Controller

Server Core installations were a new feature in Windows Server 2008. Now, in Windows Server 2008 R2, it has been given a major upgrade. It now includes the .Net Framework, Active Directory Certificate Services, etc.

The process to install a Server Core R2 Domain Controller differs somewhat from the installation process of a Windows Server 2008 Server Core Domain Controller.

Here I’m going to explains what are the differences, by walking through the process:

Step 1: Install the Operating System

Step 2: Configure basic settings

Step 3: License the Server

Step 4: Update the Server

Step 5: Install the roles and features

Step 6: Install additional features

Step 7: Update the Server

Step 8: Run the Best Practices Analyzer

Step 1: Install the Operating System

Before you install any OS on any system, you have to make sure that you upgrade the BIOS and any applicable firmware to the latest stable version.

Also make sure the system meets the minimum hardware requirements for Windows Server 2008 R2:

Component Requirement
Processor Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3GHz (Dual Core)Note: An Intel Itanium 2 processor is required for Windows Server 2008 R2 for Itanium-Based Systems
Memory Minimum: 512 MB RAMMaximum: 8 GB (Foundation) or 32 GB (Standard) or 2 TB (Enterprise, Datacenter, and Itanium-Based Systems)
Disk Space Requirements Minimum: 32 GB or greaterNote: Computers with more than 16 GB of RAM will require more disk space for paging, hibernation, and dump files
Display Super VGA (800 × 600) or higher resolution monitor
Other DVD Drive, Keyboard and Microsoft Mouse (or compatible pointing device), Internet access (fees may apply)

Installing Windows Server 2008 R2 is a simple process.

Simply boot from the DVD and perform the following steps:

In the Install Windows screen select the Language to install,  Time and currency format and Keyboard or input method. When done, click Next.

In the second Install Windows screen, click on Install now.

In the Select the operating system you want to install screen, select Windows Server 2008 R2 Standard (Server Core Installation) from the list (In real life experience, I recommend administrator to select Windows Server 2008 R2 Enterprise (Server Core Installation), anyway please spend some time to go through my other post on how to make a decision between Windows Server Standard Edition and Windows Server Enterprise Edition

When done, click Next.

In the Please read the license terms screen, select the I accept the license terms option and click Next.

In the Which type of installation do you want? screen, select the Custom (advanced) option.

This will install a new copy of Windows. This option does not keep your files, settings and programs.

The final question in the Windows Server 2008 R2 installation process is Where do you want to install Windows? Since this is a new system, the built-in 40GB disk will do, anyway it’s all depend on your real life industry requirement.

Now, Windows Server 2008 R2 will install on the system.

Step 2: Configure basic settings

Once your Server Core installation is complete (this should only around 10 – 15 minutes), you’re presented with the logon screen.

The first time you log on to Windows Server 2008 R2 you need to change the password.

Press OK, than enter a new password twice and press the orb. When done, click OK to acknowledge you now have a password, and noted that the password needs to comply with complexity requirements

Congratulations! You are now at the console of a Server Core installation.

Let’s configure the system with some basic settings, like a computer name you can actually remember and some IP settings to fit into your current environment. To this purpose we’re starting up sconfig.cmd.

With this built-in Server Configuration tool, you can easily see and change settings.

As you might notice at a first glance, the server is autonamed. Let’s change the computername.

Press 2, Enter and then Enter new computer name (Blank=Cancel). I decided to name this server SCDC1. After pressing Enter, you will be confronted with a message stating the computer needs to be restarted to apply these setting. Press Yes to reboot.

After the reboot, log on with the password you provided earlier.

Now we’re ready to insert some meaningful IP information. Start up sconfig.cmd again and choose option 8) Network Settings. by typing 8 and an Enter. This will land you in the Network Settings menu.

For this demo, I’m using a system with a single Network Interface Card (NIC).

The IP address in the screenshot has been assigned by DHCP.


An Active Directory Domain Controller, however, needs a fixed IP address to be able to register it’s A and SRV records.


In Server Core installations of Windows Server 2008 and Windows Server 2008 R2, IPv6 is disabled by default.

When in the Network Settings menu of the Server Configuration tool, press the index number of the NIC you want to modify. (in my case 0) Then type 1, followed by an Enter to access the menu where you change the IPv4 address. Type S and Enter to specify a Static IP address. Then, type the IPv4 address for the server. In my case I’ll use the address, which I enforce with Enter. The default Subnet will do in this case, so I’ll accept it with Enter. As my Default Gateway (the nearest router) I choose An Enter completes this submenu.

The server now has a static IPv4 address. It, however, does not have any DNS Servers configured, so in the Network Settings menu for the NIC, type 2, followed by an Enter. Now type the IPv4 address of the primary DNS Server you’d like to use. Press Enter when done. Click on OK in the message stating “Preferred DNS Server set”. If you want to set a secondary DNS Server you also have the chance. I cancelled out on this by simply pressing Enter.

Step 3: License the Server

Now, our Server Core Domain Controller is able to communicate with the network.

Let’s enter the Windows Product Key for our system to continue to enjoy its bountiful commandline.

Type the following two commands to license the server with a KMS host:

start /w slmgr.vbs -ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

start /w slmgr.vbs –ato

When you’re not using KMS in your network, specify a more appropriate Windows Product Key.

Step 4: Update the Server

Before we apply Server roles and features to the server, it is essential to update the server with the latest Windows updates.

The Server Configuration tool (sconfig.cmd) has a menu option to set Windows Update settings and an option to manually update the server.

By default the Windows Update settings are set to update manually (the administrator specifies when and what updates to download and when and what updates to install).

First, let’s enter the Windows Update submenu by pressing 5 and Enter.

Press A, followed by Enter to set Windows Update to Automatic.

Press OK to acknowledge the change to the Windows Update settings.

To manually update the Windows Server now, press 6 and Enter in the Server Configuration Tool. Choose to search for All updates, by pressing A and Enter. After a while, choose to download and install All updates, by (again) pressing A and Enter.

After installing the Windows Updates, the box needs a restart. Press Yes to restart.

Step 5: Install the roles and features

We can now turn our Windows Server installation into a functional Server, services clients and employees with meaningful information.

For the purpose of this demo, I’ll transform this Server Core installation into an Active Directory Domain Controller.

The Active Directory Domain Services – Domain Controller role in Windows Server 2008 R2, features the Active Directory Gateway Services. This is a web service, that enables the Active Directory PowerShell cmdlets and the use of the Active Directory Administrative Center (remotely). In order to transform the server, we need to install the .Net Framework first with the following two commands:

dism /online /enable-feature /featurename:NetFx2-ServerCore

dism /online /enable-feature /featurename:NetFx3-ServerCore

After installing the .Net Framework, we’re ready to install the binaries for the Active Directory Domain Services – Domain Controller role with the following commandline:

dism /online /enable-feature /featurename:DirectoryServices-DomainController-ServerFoundation

Now, all you need to do now to make the server a Domain Controller you’ll need to dcpromo it. Unlike a Full installation of Windows Server, though, the graphical version of the Active Directory installation wizard is not available on a Server Core installation.

This only presents a minor issue, since we can use dcpromo.exe with an answerfile.

Simply start up notepad.exe on your Server Core installation and copy, paste the following information into it:


This will create a Domain Controller for a new domain in a new forest, named You may change settings according to your environment.

Save the file as dcpromo.txt and use it in the following commandline:

dcpromo.exe /unattend:C:\users\administrator\dcpromo.txt

The system will reboot automatically. After this reboot use Notepad to open the log files:



Step 6: Install additional features

Your Server Core Domain Controller might benefit from the following Server Features, when you install them. The Active Directory PowerShell commandlets, from my point of view, are essential on a Domain Controller. You might install these with the following two commands:

dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell

dism /online /enable-feature /featurename:ActiveDirectory-PowerShell

While you’re at it, I recommend also installing Windows Backup and its corresponding PowerShell cmdlets:

dism /online /enable-feature /featurename:WindowsServerBackup

dism /online /enable-feature /featurename:WindowsServerBackupCommandlet

These will help you make Active Directory aware backups.

Step 7: Update the Server

With some Server Roles and Features installed, the attack surface of your Server Core installation has dramatically increased.

As a best security practice, I recommend updating the server again. Run through step 4 again to make it happen.

On top of the 28 updates I got previously, I now receive an additional 5 updates.

Step 8: Run the Best Practices Analyzer

With Windows Server 2008 R2 it has become harder to install a sloppy Domain Controller. With its built-in Best Practices Analyzer (BPA) and accompanying BPA rule updates, administrators can compare their Active Directory environments with the Microsoft Best Practices.

To install the Active Directory Best Practices Analyzer, run the following commands:

dism /online /enable-feature /featurename:ServerManager-PSH-Cmdlets

dism /online /enable-feature /featurename:BestPractices-PSH-Cmdlets

Now you can use Server Manager (servermanager.msc) MMC from a Full Installation of Windows Server 2008 R2 or the Server Manager (servermanager.msc) MMC from the Remote Server Administration Tools (RSAT) on a Windows 7 member workstation to kick-off and review Best Practices.

However, you can also kick-off and review a Best Practices Analysis from the commandline of your Server Core Domain Controller. To achieve this, run the following commands:


Import-Module ServerManager

Import-Module BestPractices

Invoke-BPAModel –BestPracticesModelID Microsoft/Windows/DirectoryServices

If you want to have the results in a humanly readable format on your Server Core box, ask for the output and export it to either CSV or HTML. In case of HTML, run the following command:

Get-BpaResult -BestPracticesModelId Microsoft/Windows/DirectoryServices | Where-Object {$_.Severity -eq “Error” -or $_.Severity -eq “Warning” } | ConvertTo-Html -Property Severity,Category,Title,Problem,Impact,Resolution,Help -Title “BPA Report for Active Directory” -Body “BPA Report for Active Directory <HR>” –Head “<title>BPA Report</title><style type=’text/css’> table  { border-collapse: collapse; width: 700px } body   { font-family: Arial } td, th { border-width: 2px; border-style: solid; text-align: left; padding: 2px 4px; border-color: black } th     { background-color: grey } td.Red { color: Red } </style>”  | Out-File “\\\netlogon\bpa.html”

This will create a HTML file in the Netlogon folder, where you can pick it up with Windows 7 or Full installation of Windows Server 2008 R2.

From → Server Core!!!

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: